This user manual will instruct you on how to install your internal probe to run internal scans through Autobahn Fit
Table of content
Whitelisting IPs and Domains to install and operate the probe
Create your scan on Autobahn Fit
Request the internal probe
To enable the internal scan, you need to have the zip file of the internal probe ready to be installed in your system. You can get this file through your customer support. Contact our customer support for further assistance.
Whitelist IPs and Domains to install and operate the probe
The Docker host needs to be able to reach these IP addresses to provide direct (secured) connections to Autobahn Fit. Check this page to see the list of IPs to be whitelisted.
The Autobahn Fit worker is deployed via a Docker image.
Specifications:
The server hosting the docker should have at least 4 CPU cores, 8 GB RAM, 100GB HDD, and internet access.
You can install a pre-configured image through the Autobahn Docker registry with these steps:
1 - You need to have docker installed on your system as Autobahn is deployed via a docker image. On Ubuntu, this command installs docker:
$ sudo apt install docker.io
Ensure your user account has permission to run this command. More information: Docker: Accelerated, Containerized Application Development.
Docker installation steps may differ depending on the installed operating system. Please refer to Docker's official site for an installation tutorial based on the operating system (Reference: Install Docker Engine ). After Docker installation, please follow the post-install step as described in Linux post-installation steps for Docker Engine.
2 - Next, ensure that your user account can start Docker containers by running these commands:
$ sudo groupadd docker
$ sudo usermod -aG docker ${USER}
At this point, you need to log out and log in again for the group change to be effective
$ docker ps
3 - Execute the following command to extract the configuration and installation files, and to install the Autobahn Docker image.
$ unzip probe_name.zip
Replace probe_name with the name of the zip file that was given to you. This should be the name of the probe label.
$ cd autobahn_worker
4 - Then you will need to run the Autobahn worker. This worker needs to run when starting an internal scan, otherwise the scan would not start. Run the worker using the following command.
$ ./autobahn_probe.sh run
5 - The prompt will notify you that the worker is running. You can only start internal scans by running the worker (given all steps below have been completed).
6 - After your internal scan has finished, you can stop the Autobahn worker that is running using the following command.
$ ./autobahn_probe.sh stop
Other useful commands
Upgrade to the latest Autobahn Worker version
$ ./autobahn_probe.sh run
Uninstall the Autobahn Worker from Docker:
$ ./autobahn_probe.sh uninstall
Perform a network test to check whether a specific domain / subnet is reachable from the server:
$ ./autobahn_probe.sh network-test
For more information on each script, run them with
./autobahn_probe.sh help
$ ./autobahn_probe.sh disable-log-exports
To enable sending logs, run this command:
$ ./autobahn_probe.sh enable-log-exports
In case further logs data is required for troubleshooting, the command below will collect necessary logs and information from Autobahn Worker and compress it to a single file:
$ ./autobahn_probe.sh collect-logs
The compressed file will be created in the same directory as the script.
Test the probe
If you are unsure whether your assets have been whitelisted for an internal scan, you can check using the following command in your command prompt.
where:
-
target is the asset that would like to be scanned
-
ports is the specified asset port to be scanned (if any)
-
extra params are for any other parameters that would like to be added (if any)
Target can either be a domain, an IP address, or a subnet. If no ports are specified, ports 22, 80, and 443 will be scanned.
Once you have run this command, refer to the script output to check whether selected IPs have been whitelisted or not.
Examples
./autobahn_probe.sh network-test '192.168.0.0/24'
Commands the system to do network tests to specific subnet and default ports (22, 80, 443)
./autobahn_probe.sh network-test '192.168.0.0/24' '22,80,443,3307'
Commands the system to do network tests to specific subnets and specific ports
./autobahn_probe.sh network-test '192.168.0.0/24' '22,80,443,3307' '-6'
Commands the system to do network tests to specific subnets, and specific ports, and pass extra args to Nmap.
Create your internal scan
The internal probe has been successfully installed. You can now start internal scans by logging in to your account and starting a scan.